Automating Your Network with Ansible and Cisco NSO
Enable Continuous Integration and Deployment with Zero Downtime
John Malzahn – Host, Senior Manager, Cloud and Virtualization Solutions Marketing, Cisco Systems
Carl Moberg – Technical Director, Cisco Systems
Andrius Benokraitis – Principal Product Manager, Networking, Ansible by Red Hat
Ian Hood – Chief Technologist, Global Telco, Red Hat
October 12, 2017
Today’s Presenters
- John Malzahn, Senior Manager, Cloud and Virtualization Solutions Marketing, Cisco Systems
- Andrius Benokraitis, Principal Product Manager, Networking, Ansible by Red Hat
- Carl Moberg, Technology Director, Cloud and Virtualization Group, Cisco Systems
- Ian Hood, Chief Technologist Global Telco, Red Hat
2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Agenda
1 Red Hat Ansible Automation
2 Cisco NSO Lifecycle Orchestration
3 Better Together: Ansible and Cisco NSO
4 Demo
5 Wrap-up
Automation with Ansible
No matter where you are on your path to digital transformation, you can make an impact with automation.
How are you thinking about management? What is your automation strategy?
Everyone is talking about automation
ANSIBLE IS THE UNIVERSAL LANGUAGE
BUSINESS, DEV, QA/SECURITY, IT OPERATIONS
RED HAT ANSIBLE TOWER: Scale and operationalize your automation (CONTROL, KNOWLEDGE, DELEGATION)
RED HAT ANSIBLE ENGINE: Support for your Ansible automation (SIMPLE, POWERFUL, AGENTLESS)
FUELED BY AN INNOVATIVE OPEN SOURCE COMMUNITY
Cisco NSO
The Industry Leading Network Automation & Orchestration Platform
Cisco NSO – The Network API
Diagram: Network Engineers and Automation Frameworks; Northbound: REST, NETCONF, JSON-RPC, Java, Python, Erlang, CLI, Web UI; Cisco NSO; Southbound: 70 vendors across physical and virtual networks; CPE, Metro and Access, WAN, Data Center
- No hard-coded assumptions about network services, network architecture or network devices
- YANG-based data store driving the north- and southbound interfaces
- Southbound multi-protocol support including NETCONF, REST, CLI, SNMP
- Massively scalable architecture deployed in networks with 100k devices
Network Device Stack
Diagram labels: Single entry point for configuration, operations; Config Management Application; Config; Applications; OS; Monolithic Versioning
Features and Change Rate:
- CLI/NETCONF/etc with supporting infrastructure including config master db for inflight changes
- In-memory and/or artifacts on disk, complicated updates through micro-orchestration
- High, depends on location in network and service: Day0/1 on install, Day N for services
- Proprietary applications, lifecycle as integrated product
- Low, as part of maintenance or security
- Non-mainstream (platform HAL, kernel patches, etc), lifecycle as integrated product
From Devices (ConfD)
Diagram: CLI, SNMP, NETCONF, REST; ConfD; Data Models; CDB; Subscription-based APIs; A Mess (OS, Apps)
Challenges:
- Many different APIs and interfaces to the north
- Heterogeneous environment to the south
- One operation may lead to many activities
Solution includes:
- APIs and interfaces driven by models
- Transaction engine with flexible rollback
to Networks (NSO)
Diagram: CLI, SNMP, REST, NETCONF; NSO; Service Models; Device Models; CDB; NEDs; A Mess (the Network)
Challenges are very similar, but larger scale, more distributed
So we added some more to the solution:
- Layered models for abstraction
- Mapping between layers
- Adapters for talking different protocols
So Here We Are – Cisco NSO
Diagram: Network Engineering; Ops and Provisioning; Service Developers; NSO: Service Manager, CDB, Device Manager, Device Abstraction, NEDs, Package Manager; ESC (VNFM): VNF Lifecycle Manager, VNF Service Monitoring; Multi-domain Networks
- Model-driven end-to-end service lifecycle and customer experience in focus
- Seamless integration with existing and future OSS/BSS environment
- Loosely-coupled and modular architecture leveraging open APIs and standard protocols
- Orchestration across multi-domain and multilayer for centralized policy and services across entire network
Automation: Better Together with Ansible and NSO
Reference Architectures Spanning Applications and Networks
Diagram: Connectivity Centric and Application Centric; Playbooks; Ansible; NSO; Apps
Ansible Plus Cisco NSO – Better Together
- Ansible uses Playbooks to define named tasks that are executed by the ansible-playbook tool. The tasks use modules to perform activities. The NSO modules use the version JSON-RPC API.
- NSO uses YANG modules to describe the schema of the data that can be manipulated using JSON-RPC. Clients (in this case an Ansible module) perform operations on the data stored in CDB.
- Being easily consumed by native Ansible allows application-centric services to unlock the full value of the network
- Red Hat Ansible Tower provides playbook-driven IT and network automation
- Cisco NSO provides model-driven service orchestration in hybrid networks
Ansible and Cisco NSO - Roles and Responsibilities
Diagram: Ansible Playbooks; NSO module; JSON-RPC; NSO (CDB, YANG); Hybrid Network
DevOps teams:
- Own lifecycle of playbooks
YANG becomes contract language between teams across infrastructure cycles:
- Requirements from apps and device provided in YAML format
- New services published by infra team as REST-interface update
Infrastructure teams:
- Own lifecycle of network services
Applicable Cisco NSO Features
Diagram: Ansible Playbooks; NSO module; JSON-RPC; NSO (CDB, YANG); Hybrid Network
- NSO provides a full CRUD interface: Create – easy, Update – hard, Delete – very hard
- Transactions – either stuff entirely happens or no stuff happens
- Model-based (YANG) so clients can fetch and validate payloads
Three Ansible Modules for Cisco NSO
- The nso_verify module fetches data from NSO, compares with data in the task and reports any violations
- The nso_action module performs RPCs on NSO (e.g. checksync) and validates the output
- The nso_config module is used to create and delete instance data in NSO
Module Commonality
- YAML data encoding for all Ansible features
- YAML encoding is straight translation from the JSON data structures natively provided by NSO, e.g.:

    curl -H "Accept: application/yang-data+json" \
      http://localhost:8080/restconf/data/devices/ | json2yaml

- Input data is runtime validated against applicable subset of NSO YANG modules
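The compare-and-report behaviour described for the verify module, as an added example that is not code from the slides or from the Ansible modules. It assumes YANG list entries are dicts keyed by "name"; the function name, device names and sample data are constructed for illustration.

```python
# Added illustration (not the Ansible module's code): compare the data a task
# declares against data fetched from NSO and report every deviation.
# Assumption: YANG list entries are dicts keyed by "name".

def find_violations(expected, actual, path=""):
    """Return (path, expected, actual) tuples for each expected value not met.

    Only what `expected` names is checked; extra data in `actual` is ignored.
    """
    if isinstance(expected, dict):
        if not isinstance(actual, dict):
            return [(path or "/", expected, actual)]
        found = []
        for key, want in expected.items():
            child = f"{path}/{key}"
            if key in actual:
                found += find_violations(want, actual[key], child)
            else:
                found.append((child, want, None))  # missing container or leaf
        return found
    if isinstance(expected, list):
        if not isinstance(actual, list):
            return [(path or "/", expected, actual)]
        by_name = {e["name"]: e for e in actual if isinstance(e, dict) and "name" in e}
        found = []
        for want in expected:
            child = f"{path}{{{want['name']}}}"
            if want["name"] in by_name:
                found += find_violations(want, by_name[want["name"]], child)
            else:
                found.append((child, want, None))  # list entry absent in NSO
        return found
    return [] if expected == actual else [(path or "/", expected, actual)]

# Constructed sample in the shape of a RESTCONF JSON reply for the device tree.
FETCHED = {"tailf-ncs:devices": {"device": [
    {"name": "xe0", "port": 10022, "state": {"admin-state": "unlocked"}},
    {"name": "xr0", "port": 10025, "state": {"admin-state": "southbound-locked"}},
]}}

# Constructed task data: what the playbook expects to be true.
EXPECTED = {"tailf-ncs:devices": {"device": [
    {"name": "xe0", "state": {"admin-state": "unlocked"}},
    {"name": "xr0", "state": {"admin-state": "unlocked"}},
    {"name": "junos0", "state": {"admin-state": "unlocked"}},
]}}

if __name__ == "__main__":
    for where, want, got in find_violations(EXPECTED, FETCHED):
        print(f"VIOLATION {where}: expected {want!r}, found {got!r}")
```

Because only the leaves named in the expected data are checked, the same comparison works as a compliance check against a partial baseline.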
Value of Ansible Tower and Cisco NSO
- Single Ansible module leveraging NSO to support 70 vendors across domains
- Integrated YANG-support for model-driven configuration validation
- Full rollback capabilities across vendors and device types

- Gain immediate control over the entire network from data center to CPE
- Significantly reduce the amount of time spent testing configuration changes
- Reduce fallouts requiring manual intervention to a minimum
Automating Your Infrastructure with Ansible Tower and Cisco NSO
Ansible and Cisco NSO Use Cases
AUTOMATION: Network Automation, Continuous Compliance, IoT, NFV / SDN
Automating Mobile Services – vIMS / vEPC Use Cases
Diagram: Service Orchestration; SDN / Network Automation; RHOSP Deployment Orchestration/Automation; Ceph Storage Automation; VNF / Workload Placement; Service Provider Cloud; CloudForms; Ansible Tower; Cisco NSO; Open APIs; Customers; Mobile Devices; Business Location / Venues; vEPC, vIMS, vSMS, vPCRF; NFVI on RHEL KVM hosts with RH OSP (Compute), RH Storage (Storage) and RHEL OVS/DPDK (Network)
Demo Time!
Demo Setup – Cisco NSO
Diagram: CLI, JSON-RPC, REST; NSO; CDB; XE (CLI) to IOS-XE; XR (CLI) to IOS-XR; NETCONF to Juniper
- Three groups of three routers each, running in netsim (management only, no packets passed)
- Appropriate NEDs loaded to support the router types and protocols
- I’ll use the CLI and REST for manual steps, and Ansible will use the JSON-RPC interface
Demo Setup – Ansible
Diagram: Playbooks; Ansible; NSO Configuration Module, NSO Verification Module, NSO Action Module; JSON-RPC
- Three NSO modules interacting with device- and service-level abstractions
- A set of example playbooks using the modules
Summary
What You Gain
Cisco Network Services Orchestrator and Ansible Tower
Agility Throughout Service Lifecycle
- Strict YANG model-driven solution
- Auto-rendered business logic results in 90% less code
- Effortless re-deployment of updated service and device models
- DevOps for differentiation
Full automation of Applications and Networks
Robust and Proven in tier-1 Deployments
Industry’s Broadest Multivendor Support
Relevant in today’s and tomorrow’s networks
For more information
Visit:
www.cisco.com/go/nso
www.redhat.com/ansible
And contact your Cisco and Red Hat account representatives